use of com.github.zhenwei.core.asn1.pkcs.Attribute in project jruby-openssl by jruby.
the class PKCS10Request method setAttributes.
// Replaces the current attribute list with the contents of the given ASN.1 set.
// Each element is converted with Attribute.getInstance and handed to addAttribute,
// so any handling addAttribute does applies to every entry.
private void setAttributes(final ASN1Set attrs) {
    this.attributes = new ArrayList<Attribute>();
    for (final Enumeration objects = attrs.getObjects(); objects.hasMoreElements(); ) {
        final Attribute parsed = Attribute.getInstance(objects.nextElement());
        addAttribute(parsed);
    }
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project cloudstack by apache.
the class RootCAProvider method generateCertificateUsingCsr.
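/**
 * Builds a certificate for a PEM-encoded PKCS#10 CSR by passing the CA certificate and CA key
 * pair to {@code CertUtils.generateV3Certificate}.
 *
 * <p>The subject and public key are taken from the CSR. DNS names and IP addresses found in the
 * subjectAlternativeName extension of the CSR's extensionRequest attribute are appended to the
 * caller-supplied {@code names} and {@code ips}.
 *
 * <p>NOTE(review): nothing in this method verifies the CSR's self-signature (proof of possession
 * of the private key), and the requester-chosen subject and SAN entries are copied into the
 * issued certificate without a policy check. Confirm that callers authenticate the requester and
 * validate the requested identities before this method is reached.
 *
 * @param csr          the PEM-encoded PKCS#10 certification request.
 * @param names        additional DNS names for the certificate; may be null.
 * @param ips          additional IP addresses for the certificate; may be null.
 * @param validityDays validity period passed through to the certificate generator.
 * @return the issued certificate together with the CA certificate as its chain.
 * @throws CloudRuntimeException if the CSR cannot be read as a PEM object, or if its
 *                               extensionRequest attribute carries no value.
 * @throws IOException           if the CSR content cannot be parsed, or a SAN IP address does not
 *                               decode to a 4- or 16-byte address.
 */
private Certificate generateCertificateUsingCsr(final String csr, final List<String> names, final List<String> ips, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException {
    final List<String> dnsNames = new ArrayList<>();
    final List<String> ipAddresses = new ArrayList<>();
    if (names != null) {
        dnsNames.addAll(names);
    }
    if (ips != null) {
        ipAddresses.addAll(ips);
    }

    PemObject pemObject = null;
    // try-with-resources so the reader is always closed, including on a parse failure.
    try (PemReader pemReader = new PemReader(new StringReader(csr))) {
        pemObject = pemReader.readPemObject();
    } catch (IOException e) {
        LOG.error("Failed to read provided CSR string as a PEM object", e);
    }
    if (pemObject == null) {
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr);
    }

    final JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pemObject.getContent());
    final String subject = request.getSubject().toString();

    for (final Attribute attribute : request.getAttributes()) {
        if (attribute == null || !attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        // The CSR is untrusted input: reject an extensionRequest with an empty value set
        // explicitly instead of failing with an index error on getObjectAt(0).
        if (attribute.getAttrValues() == null || attribute.getAttrValues().size() == 0) {
            throw new CloudRuntimeException("CSR extensionRequest attribute has no values");
        }
        final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null || gns.getNames() == null) {
            continue;
        }
        for (final GeneralName name : gns.getNames()) {
            if (name.getTagNo() == GeneralName.dNSName) {
                dnsNames.add(name.getName().toString());
            }
            if (name.getTagNo() == GeneralName.iPAddress) {
                // Presumably the value's toString() is "#" followed by hex digits, hence the
                // substring(1) before hex decoding - TODO confirm against the ASN.1 library.
                // getByAddress rejects anything that is not 4 or 16 bytes (UnknownHostException).
                final InetAddress address = InetAddress.getByAddress(DatatypeConverter.parseHexBinary(name.getName().toString().substring(1)));
                ipAddresses.add(address.getHostAddress());
            }
        }
    }

    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(caCertificate, caKeyPair, request.getPublicKey(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays, dnsNames, ipAddresses);
    return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate));
}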
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class ESTService method simpleEnrollPoP.
/**
 * Performs a simple enroll or re-enroll with proof of possession. Once the connection is up, the
 * connection's tls-unique value is added to a copy of the PKCS#10 request, and only then is the
 * request signed and sent.
 *
 * @param reEnroll      true to post to the re-enroll path, false to post to the enroll path.
 * @param builder       the PKCS#10 request builder; the attribute is set on a copy of it.
 * @param contentSigner the signer used to sign the completed request.
 * @param auth          authentication to apply to the request; may be null.
 * @return the enrollment response.
 * @throws IOException           an ESTException; any other Throwable raised while enrolling is
 *                               wrapped in an ESTException.
 * @throws IllegalStateException if the client provider reports that it is not trusted.
 */
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, final PKCS10CertificationRequestBuilder builder, final ContentSigner contentSigner, ESTAuth auth) throws IOException {
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }

    ESTResponse resp = null;
    try {
        URL endpoint = new URL(server + (reEnroll ? SIMPLE_REENROLL : SIMPLE_ENROLL));
        ESTClient client = clientProvider.makeClient();

        // The connection listener finishes the PKCS#10 request after the connection exists,
        // because the tls-unique value is only available from the connected source.
        ESTRequestBuilder enrollRequest = new ESTRequestBuilder("POST", endpoint).withClient(client).withConnectionListener(new ESTSourceConnectionListener() {
            public ESTRequest onConnection(Source source, ESTRequest request) throws IOException {
                boolean hasTlsUnique = source instanceof TLSUniqueProvider && ((TLSUniqueProvider) source).isTLSUniqueAvailable();
                if (!hasTlsUnique) {
                    throw new IOException("Source does not supply TLS unique.");
                }

                PKCS10CertificationRequestBuilder localBuilder = new PKCS10CertificationRequestBuilder(builder);
                byte[] tlsUnique = ((TLSUniqueProvider) source).getTLSUnique();

                // The base64 tls-unique value goes into the challengePassword attribute before
                // build(contentSigner) runs, so the request is signed with the attribute in place.
                localBuilder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(Base64.toBase64String(tlsUnique)));
                byte[] payload = annotateRequest(localBuilder.build(contentSigner).getEncoded()).getBytes();

                ESTRequestBuilder withBody = new ESTRequestBuilder(request).withData(payload);
                withBody.setHeader("Content-Type", "application/pkcs10");
                withBody.setHeader("Content-Transfer-Encoding", "base64");
                withBody.setHeader("Content-Length", Long.toString(payload.length));
                return withBody.build();
            }
        });

        if (auth != null) {
            auth.applyAuth(enrollRequest);
        }

        resp = client.doRequest(enrollRequest.build());
        return handleEnrollResponse(resp);
    } catch (Throwable t) {
        // ESTException passes through unchanged; everything else is wrapped with its cause.
        throw (t instanceof ESTException) ? (ESTException) t : new ESTException(t.getMessage(), t);
    } finally {
        if (resp != null) {
            resp.close();
        }
    }
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class PKCS10CertificationRequest method getAttributes.
/**
 * Returns the attributes of this request whose type equals the given OID.
 *
 * @param type the attribute type OID to match.
 * @return the matching attributes; a zero-length array if the request has no attribute set or
 *         nothing matches.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type) {
    ASN1Set allAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (allAttributes == null) {
        return EMPTY_ARRAY;
    }

    List<Attribute> matches = new ArrayList<Attribute>();
    final int total = allAttributes.size();
    for (int idx = 0; idx < total; idx++) {
        Attribute candidate = Attribute.getInstance(allAttributes.getObjectAt(idx));
        if (candidate.getAttrType().equals(type)) {
            matches.add(candidate);
        }
    }

    // Return the shared empty array rather than allocating a new zero-length one.
    return matches.isEmpty() ? EMPTY_ARRAY : matches.toArray(new Attribute[matches.size()]);
}
use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.
the class PKCS10CertificationRequest method getAttributes.
/**
 * Returns every attribute carried by this request.
 *
 * @return the attributes in the order of the underlying set; a zero-length array if the request
 *         has no attribute set.
 */
public Attribute[] getAttributes() {
    ASN1Set allAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (allAttributes == null) {
        return EMPTY_ARRAY;
    }

    final int total = allAttributes.size();
    Attribute[] result = new Attribute[total];
    int idx = 0;
    while (idx < total) {
        result[idx] = Attribute.getInstance(allAttributes.getObjectAt(idx));
        idx++;
    }
    return result;
}